EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Monday 23 December 2024, 04:10:44 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the official Endian Community Mailinglist
HERE
14262
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
Endian 2.3 Console Security Bugs
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Endian 2.3 Console Security Bugs (Read 18961 times)
serkanp
Jr. Member
Offline
Posts: 5
Endian 2.3 Console Security Bugs
«
on:
Sunday 14 March 2010, 01:07:37 am »
0 > Shell
1 > Reboot
2 > Change Root Password
3 > Change Admin Password
4 > Restore Factory Defaults
Select Reboot or Restore Factory Defaults, system no ask root or admin password and execute the command.
4 > Restore Factory Defaults, this is disaster to network system.... ( unauthorized people )
How can I pacth this bug or hide this screen.
Thank you.
Logged
StephanSch
Full Member
Offline
Gender:
Posts: 57
Re: Endian 2.3 Console Security Bugs
«
Reply #1 on:
Sunday 14 March 2010, 02:25:25 am »
If your users are able to reach your hardware you have much more problems.
You can edit /usr/sbin/efw-console to hide these options.
Logged
whoiam55
Full Member
Offline
Posts: 71
Re: Endian 2.3 Console Security Bugs
«
Reply #2 on:
Sunday 14 March 2010, 05:52:30 pm »
Quote from: StephanSch on Sunday 14 March 2010, 02:25:25 am
If your users are able to reach your hardware you have much more problems.
I robber will always rob, no matter you have lock on door or not, then why use a lock even?
Logged
सत्यमेव जयते!
StephanSch
Full Member
Offline
Gender:
Posts: 57
Re: Endian 2.3 Console Security Bugs
«
Reply #3 on:
Sunday 14 March 2010, 07:43:12 pm »
And a robber has a advantage of resetting factory defaults or rebooting?
Another constructive point: your users can also start your efw with the mini-bash and change the root password (
http://kb.endian.com/entry/45/
).
Logged
serkanp
Jr. Member
Offline
Posts: 5
Re: Endian 2.3 Console Security Bugs
«
Reply #4 on:
Monday 15 March 2010, 11:10:59 pm »
Quote from: StephanSch on Sunday 14 March 2010, 07:43:12 pm
And a robber has a advantage of resetting factory defaults or rebooting?
Another constructive point: your users can also start your efw with the mini-bash and change the root password ().
Installaiton progress ask me connect to serial interface and I'm say NO
Logged
serkanp
Jr. Member
Offline
Posts: 5
Re: Endian 2.3 Console Security Bugs
«
Reply #5 on:
Monday 15 March 2010, 11:30:40 pm »
Quote from: StephanSch on Sunday 14 March 2010, 02:25:25 am
If your users are able to reach your hardware you have much more problems.
You can edit /usr/sbin/efw-console to hide these options.
thank you, resolve my problem.
Logged
StephanSch
Full Member
Offline
Gender:
Posts: 57
Re: Endian 2.3 Console Security Bugs
«
Reply #6 on:
Wednesday 17 March 2010, 04:10:30 am »
Quote from: serkanp on Monday 15 March 2010, 11:10:59 pm
Installaiton progress ask me connect to serial interface and I'm say NO
I meant "Solution 2"
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.109 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com